OpenStack若干概念

qqruser

　　近期在部署OpenStack时涉及到各个服务之间的诸多概念，这里简要记录其中的一些作为备忘。

服务（service）

在OpenStack中，一个服务有若干端点，用户通过端点访问服务并使用服务提供的功能；

计算服务（Compute Service）—— Nova

网络服务（Networking Service）——Neutron

身份服务（Identity Service）——Keystone

镜像服务（Image Service）——Glance

界面服务（Dashboard）——Horizon

块存储（Block Storage）——Cinder

对象存储服务（Object Storage）——Swift

编排服务（Orchestration）——Heat

监测服务（Telemetry）——Ceilometer

数据处理服务（Data Processing ）——Sahara

数据库服务（Database Service）——Trove

　　An integrated project that provide scalable and reliable Cloud Database-as-a-Service functionality for both relational and non-relational database engines.

综合

RESTful

使用REST风格的网络服务API，Representational State Transfer（REST，表征性状态转移）是广泛应用于万维网的超媒体架构风格；

Network Time Protocol (NTP)

网络时间协议，可以从更精确的时间源获取时间，OpenStack中使用NTP保证各个物理节点之间的时间同步

消息代理（message broker）

计算服务内提供AMQP消息功能的软件，默认为 RabbitMQ

消息队列（message queue）

将客户端的请求传递给合适的工作进程，当任务执行完成后将结果返回给客户端

负载均衡器（load balancer）

A load balancer is a logical device that belongs to a cloud account. It is used to distribute workloads between multiple back-end systems or services, based on the criteria defined as part of its configuration.

　　

存储

iSCSI

The SCSI disk protocol tunneled within Ethernet, supported by Compute, Object Storage, and Image Service.

XFS

由Silicon Graphics开发的64位文件系统，长于处理并行I/O操作和维护数据一致性

扩展属性（extended attributes (xattr)）

File system option that enables storage of additional information beyond owner, group, permissions, modification time, and so on. The underlying Object Storage file system must support extended attributes.

逻辑卷管理器 (LVM)

Provides a method of allocating space on mass-storage devices that is more flexible than conventional partitioning schemes.

计算

虚拟机（virtual machine (VM））

运行于虚拟机监控器上的操作系统实例，一个物理主机上可以同时运行多个虚拟机

虚拟机监控器（hypervisor）

管理和控制虚拟机对底层硬件的访问

kernel-based VM (KVM)

An OpenStack-supported hypervisor. KVM is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V), ARM, IBM Power, and IBM zSeries. It consists of a loadable kernel module, that provides the core virtualization infrastructure and a processor specific module.

Quick EMUlator (QEMU)

QEMU is a generic and open source machine emulator and virtualizer.

One of the hypervisors supported by OpenStack, generally used for development purposes.

虚拟机实例（instance）

运行中的或处于可知状态的虚拟机

CirrOS

用于测试云环境的小型Linux系统

网络

外部网络（external network）

管理网络（management network）

用于管理的网段，连通所有物理节点，外网不可访问

实例隧道网络（instance tunnels network）

计算节点和网络节点之间，用于虚拟机实例流量的网段

DHCP代理（DHCP agent）

OpenStack中为虚拟网络提供DHCP服务的网络代理

第三层代理（L3 agent）

OpenStack中为虚拟网络提供第三层（路由）服务的网络代理

安全组（security group）

一组应用于计算实例的网络过滤规则

dnsmasq

为虚拟网络提供DNS、DHCP、BOOTP和TFTP服务的后台进程

flat network

Virtual network type that uses neither VLANs nor tunnels to segregate tenant traffic. Each flat network typically requires a separate underlying physical interface defined by bridge mappings. However, a flat network can contain multiple subnets.

floating IP address

An IP address that a project can associate with a VM so that the instance has the same public IP address each time that it boots. You create a pool of floating IP addresses and assign them to instances as they are launched to maintain a consistent IP address for maintaining DNS assignment.

generic receive offload (GRO)

Feature of certain network interface drivers that combines many smaller received packets into a large packet before delivery to the kernel IP stack.

generic routing encapsulation (GRE)

一种在虚拟点对点连接中封装了若干网络层协议的协议

ipset

Extension to iptables that allows creation of firewall rules that match entire "sets" of IP addresses simultaneously. These sets reside in indexed data structures to increase efficiency, particularly on systems with a large quantity of rules.

iptables

Used along with arptables and ebtables, iptables create firewalls in Compute. iptables are the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols: iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames. Requires root privilege to manipulate.

network namespace

Linux kernel feature that provides independent virtual networking instances on a single host with separate routing tables and interfaces. Similar to virtual routing and forwarding (VRF) services on physical network equipment.

Network Address Translation (NAT)

The process of modifying IP address information while in transit. Supported by Compute and Networking.

virtual networking

A generic term for virtualization of network functions such as switching, routing, load balancing, and security using a combination of VMs and overlays on physical network infrastructure.

Virtual Network Computing (VNC)

Open source GUI and CLI tools used for remote console access to VMs. Supported by Compute.

jumbo frame

Feature in modern Ethernet networks that supports frames up to approximately 9000 bytes.

maximum transmission unit (MTU)

Maximum frame or packet size for a particular network medium. Typically 1500 bytes for Ethernet networks.

Metadata agent

OpenStack Networking agent that provides metadata services for instances.

Open vSwitch

Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (for example NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag).

path MTU discovery (PMTUD)

Mechanism in IP networks to detect end-to-end MTU and adjust packet size accordingly.

plug-in

Software component providing the actual implementation for Networking APIs, or for Compute APIs, depending on the context.

promiscuous mode（混杂模式）

Causes the network interface to pass all traffic it receives to the host rather than passing only the frames addressed to it.

multi-host

High-availability mode for legacy (nova) networking. Each compute node handles NAT and DHCP and acts as a gateway for all of the VMs on it. A networking failure on one compute node doesn't affect VMs on other compute nodes.

ICMP

Internet Control Message Protocol, used by network devices for control messages. For example, ping uses ICMP to test connectivity.

virtual private network (VPN)

Provided by Compute in the form of cloudpipes, specialized instances that are used to create VPNs on a per-project basis.